IdentityServer4 验证 Personal Access Tokens (PAT) 的问题
0
悬赏园豆:30
[已解决问题]
解决于 2022-11-24 18:56
通过 Personal Access Tokens 访问受保护的 web api 时,出现下面的报错
System.InvalidOperationException: You must either set Authority or IntrospectionEndpoint
at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionOptions.Validate()
at IdentityModel.AspNetCore.OAuth2Introspection.PostConfigureOAuth2IntrospectionOptions.PostConfigure(String name, OAuth2IntrospectionOptions options)
at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
at Microsoft.Extensions.Options.OptionsCache`1.<>c__3`1.<GetOrAdd>b__3_0(String name, ValueTuple`2 arg)
at System.Collections.Concurrent.ConcurrentDictionary`2.GetOrAdd[TArg](TKey key, Func`3 valueFactory, TArg factoryArg`ument)
at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd[TArg](String name, Func`3 createOptions, TArg factoryArgument)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.InitializeAsync(AuthenticationScheme scheme, HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationHandlerProvider.GetHandlerAsync(HttpContext context, String authenticationScheme)
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync()
Startup.ConfigureServices 中是这么配置的
services.AddAuthentication("token")
.AddJwtBearer("token", options =>
{
options.Authority = webApiOptions.Authority;
options.Audience = webApiOptions.ApiName;
options.RequireHttpsMetadata = webApiOptions.RequireHttpsMetadata;
options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" };
options.TokenValidationParameters.ValidateIssuer = false;
options.ForwardDefaultSelector = IdentityModel.AspNetCore.AccessTokenValidation.Selector.ForwardReferenceToken("introspection");
})
.AddOAuth2Introspection("introspection", options =>
{
options.Authority = webApiOptions.Authority;
options.ClientId = webApiOptions.ApiName;
options.ClientSecret = webApiOptions.ApiSecret;
options.EnableCaching = true;
options.DiscoveryPolicy.ValidateIssuerName = false;
});
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = webApiOptions.Authority;
options.ApiName = webApiOptions.ApiName;
options.RequireHttpsMetadata = webApiOptions.RequireHttpsMetadata;
});
请问如何解决?
最佳答案
0
在 AddIdentityServerAuthentication 中添加 ForwardDefaultSelector 设置解决了
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = webApiOptions.Authority;
options.ApiName = webApiOptions.ApiName;
options.RequireHttpsMetadata = webApiOptions.RequireHttpsMetadata;
options.ForwardDefaultSelector = IdentityModel.AspNetCore.AccessTokenValidation.Selector.ForwardReferenceToken("introspection");
});
IdentityServer4 对应的实现代码:IdentityServerAuthenticationHandler.cs#L35
– dudu 1年前